Secure the Operating System Layer
Version: 2022.1
Last modified: August 24, 2022
We recommend these best practices for hardening your operating system.
- Check and install Windows updates.
- Apply the latest patches and updates.
- Remove or disable unnecessary services and software.
- Assign minimal permissions to system users.
- Enable auditing.
- Follow any additional OS-level hardening steps recommended by the security/IT teams at your organization.
- Adjust the Windows Schannel configuration to limit access to insecure protocols and cipher suites, and to set preferred cipher suite order.
  - You can modify the Schannel configuration manually via the registry and group policy editor (see Secure Channel - Win32 apps).
  - Or you can use a third-party tool (for example, Nartac Software - IIS Crypto). If you decide to use IIS Crypto, its built-in ‘Best Practices’ template is a great starting point.
- Contact your operating system vendor for additional recommended best practices for hardening your operating system.
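
The manual registry route for the Schannel item above can be scripted. The following PowerShell is an added example, not vendor-supplied code: it reports the Schannel protocol settings and, with `-Apply`, disables the protocols listed in `$legacy`. The choice of SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 as the legacy set and the function names are assumptions to adapt to your organization's policy.

```powershell
# Added example, not vendor code. Run from an elevated prompt when using -Apply.
param([switch]$Apply)   # without -Apply the script only reports

$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Assumption: which protocols count as legacy is a site policy choice.
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
$roles  = 'Server', 'Client'

function Get-SchannelState {
    param([string]$Protocol, [string]$Role)
    $p = Get-ItemProperty -Path (Join-Path $base "$Protocol\$Role") -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        # A missing key or value means the OS built-in default applies.
        Enabled           = if ($null -ne $p.Enabled) { $p.Enabled } else { 'OS default' }
        DisabledByDefault = if ($null -ne $p.DisabledByDefault) { $p.DisabledByDefault } else { 'OS default' }
    }
}

function Disable-SchannelProtocol {
    param([string]$Protocol, [string]$Role)
    $key = Join-Path $base "$Protocol\$Role"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
}

function Get-SchannelReport {
    foreach ($proto in $legacy) { foreach ($role in $roles) { Get-SchannelState $proto $role } }
}

Get-SchannelReport | Format-Table -AutoSize | Out-String

if ($Apply) {
    foreach ($proto in $legacy) { foreach ($role in $roles) { Disable-SchannelProtocol $proto $role } }
    Get-SchannelReport | Format-Table -AutoSize | Out-String
    'Schannel reads these values at startup: reboot for the change to take effect.'
}

# Cipher suite order in effect (cmdlet ships with Windows Server 2016 / Windows 10 and later).
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    Get-TlsCipherSuite | Select-Object -ExpandProperty Name
}
```

Run it without `-Apply` first and confirm that every application on the host can negotiate TLS 1.2 or later before disabling the older protocols.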